Details
-
Task
-
Status: Resolved
-
Blocker
-
Resolution: Done
-
None
-
None
Description
As of today, Hadoop relies on log4j-1, not log4j2. It is understood that the log4jshell vulnerability (CVE-2021-44228) does not impact log4j-1. Given the widespread attention to the incidence, we should make it clear that Hadoop is not susceptible to the attack.
Attachments
Issue Links
- links to